<!DOCTYPE html>
<html lang="en">
<head><meta name="generator" content="Hexo 3.9.0">
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="google-site-verification" content="xBT4GhYoi5qRD5tr338pgPM5OWHHIDR6mNg1a3euekI">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="GeekZhang's Blog">
    <meta name="keyword" content="GeekZhang">
    <link rel="shortcut icon" href="/img/favicon.ico">

    <title>
        
        ElasticStack - GeekZhang&#39;s Blog
        
    </title>

    <!-- Custom CSS -->
    <link rel="stylesheet" href="/css/aircloud.css">
    <link rel="stylesheet" href="/css/gitment.css">
    <!--<link rel="stylesheet" href="https://imsun.github.io/gitment/style/default.css">-->
    <link href="//at.alicdn.com/t/font_620856_pl6z7sid89qkt9.css" rel="stylesheet" type="text/css">
    <!-- ga & ba script hoook -->
    <script></script>
</head>

<body>

<div class="site-nav-toggle" id="site-nav-toggle">
    <button>
        <span class="btn-bar"></span>
        <span class="btn-bar"></span>
        <span class="btn-bar"></span>
    </button>
</div>

<div class="index-about">
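    <i> Keep the heart untroubled and free of emotional entanglement. Do not fear the future, do not dwell on the past. That way, all is well. </i>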
</div>

<div class="index-container">
    
    <div class="index-left">
        
<div class="nav" id="nav">
    <div class="avatar-name">
        <div class="avatar ">
            <img src="/img/avatar.jpg" />
        </div>
        <div class="name">
            <i>GeekZhang</i>
        </div>
    </div>
    <div class="contents" id="nav-content">
        <ul>
            <li >
                <a href="/">
                    <i class="iconfont icon-shouye1"></i>
                    <span>Home</span>
                </a>
            </li>
            <li >
                <a href="/tags">
                    <i class="iconfont icon-biaoqian1"></i>
                    <span>Tags</span>
                </a>
            </li>
            <li >
                <a href="/archive">
                    <i class="iconfont icon-guidang2"></i>
                    <span>Archive</span>
                </a>
            </li>
            <li >
                <a href="/about/">
                    <i class="iconfont icon-guanyu2"></i>
                    <span>About</span>
                </a>
            </li>
            
            <li>
                <a id="search">
                    <i class="iconfont icon-sousuo1"></i>
                    <span>Search</span>
                </a>
            </li>
            
        </ul>
    </div>
    
        <div id="toc" class="toc-article">
    <ol class="toc"><li class="toc-item toc-level-1"><a class="toc-link" href="#引言"><span class="toc-text">Introduction</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#Docker方式安装"><span class="toc-text">Installing with Docker</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#Elasticsearch"><span class="toc-text">Elasticsearch</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Kibana"><span class="toc-text">Kibana</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#config-kibana-yml配置："><span class="toc-text">config/kibana.yml settings:</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Filebeat"><span class="toc-text">Filebeat</span></a></li></ol></li></ol></li></ol>
</div>
    
</div>


<div class="search-field" id="search-field">
    <div class="search-container">
        <div class="search-input">
            <span id="esc-search"> <i class="icon-fanhui iconfont"></i></span>
            <input id="search-input"/>
            <span id="begin-search">Search</span>
        </div>
        <div class="search-result-container" id="search-result-container">

        </div>
    </div>
</div>

        <div class="index-about-mobile">
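            <i> Keep the heart untroubled and free of emotional entanglement. Do not fear the future, do not dwell on the past. That way, all is well. </i>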
        </div>
    </div>
    
    <div class="index-middle">
        <!-- Main Content -->
        


<div class="post-container">
    <div class="post-title">
        ElasticStack
    </div>

    <div class="post-meta">
        <span class="attr">Published: <span>2020-06-07 10:36:43</span></span>
        
        <span class="attr">Tags: /
        
        <a class="tag" href="/tags/#es" title="es">es</a>
        <span>/</span>
        
        
        </span>
        <span class="attr">Views: <span id="busuanzi_value_page_pv"></span>
</span>
</span>
    </div>
    <div class="post-content no-indent">
        <p><strong><a href="https://www.elastic.co/cn/elastic-stack" target="_blank" rel="noopener">Elastic Stack official site</a></strong></p>
<p><strong><a href="https://www.elastic.co/cn/what-is/elk-stack" target="_blank" rel="noopener">Origins of the Elastic Stack</a></strong></p>
<h1 id="引言"><a href="#引言" class="headerlink" title="Introduction"></a>Introduction</h1><p><strong>Elasticsearch:</strong> A distributed, JSON-based search and analytics engine.</p>
<p><strong>Kibana:</strong> An extensible user interface for visualizing data.</p>
<p><strong>Logstash:</strong> A dynamic data collection pipeline with an extensible plugin ecosystem.</p>
<p><strong>Beats:</strong> A platform for lightweight data shippers, including Filebeat (log files), Metricbeat (system and service data), Packetbeat (network data), Winlogbeat (Windows event logs), Auditbeat (audit data), Heartbeat (uptime monitoring) and Functionbeat (serverless shipper).</p>
<p>This post uses Elasticsearch + Kibana + Filebeat for distributed logging.</p>
<p>The older stack is ELK: Elasticsearch + Logstash + Kibana.</p>
<p> Logstash performs worse than Filebeat, so Filebeat is now commonly used as the log collection component.</p>
<p> <img src="/2020/06/07/ElasticStack/stack.png" alt></p>
<h1 id="Docker方式安装"><a href="#Docker方式安装" class="headerlink" title="Installing with Docker"></a>Installing with Docker</h1><h3 id="Elasticsearch"><a href="#Elasticsearch" class="headerlink" title="Elasticsearch"></a>Elasticsearch</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># Pull the image from the official Elastic registry</span></span><br><span class="line">docker pull docker.elastic.co/elasticsearch/elasticsearch:7.7.1</span><br><span class="line"><span class="comment"># Run as a single node (9200 is the HTTP API, 9300 the transport port)</span></span><br><span class="line">docker run --name es -p 9200:9200 -p 9300:9300 -e <span class="string">"discovery.type=single-node"</span> -d docker.elastic.co/elasticsearch/elasticsearch:7.7.1</span><br></pre></td></tr></table></figure>
<h3 id="Kibana"><a href="#Kibana" class="headerlink" title="Kibana"></a>Kibana</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># Pull the image from the official Elastic registry</span></span><br><span class="line">docker pull docker.elastic.co/kibana/kibana:7.7.1</span><br><span class="line"><span class="comment"># Run; replace YOUR_ELASTICSEARCH_CONTAINER_NAME_OR_ID with the name or ID of the Elasticsearch container from the previous step, otherwise the containers cannot communicate</span></span><br><span class="line">docker run --name kibana --link YOUR_ELASTICSEARCH_CONTAINER_NAME_OR_ID:elasticsearch -p 5601:5601 -d docker.elastic.co/kibana/kibana:7.7.1</span><br></pre></td></tr></table></figure>
<h4 id="config-kibana-yml配置："><a href="#config-kibana-yml配置：" class="headerlink" title="config/kibana.yml settings:"></a>config/kibana.yml settings:</h4><p>Timeout:<br><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="comment"># Set the request timeout to 90 seconds</span></span><br><span class="line"><span class="attr">elasticsearch.requestTimeout:</span> <span class="number">90000</span></span><br></pre></td></tr></table></figure></p>
<p>Chinese-language interface:<br><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">i18n.locale:</span> <span class="string">"zh-CN"</span></span><br></pre></td></tr></table></figure></p>
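<p>Both <code>docker run</code> commands above publish their ports as <code>-p HOST:CONTAINER</code>, which Docker binds on every host interface, and Elasticsearch 7.7.1 does not require authentication by default. The check below is an added example, not part of the original post: it lists the port mappings in a command line that other machines can reach. The function name <code>exposed_ports</code>, the variable names and the loopback-bound <code>LOCAL_ES</code> command are constructed for illustration.</p>

```bash
#!/usr/bin/env bash
# Added example: list the port mappings of a `docker run` command line that
# Docker binds on every host interface (0.0.0.0) rather than on loopback only.

# exposed_ports "CMD": print one -p/--publish spec per line when it is reachable
# from other machines. Runs in a subshell so set -f and variables stay local.
exposed_ports() (
  prev=""
  set -f                          # no filename expansion while splitting CMD
  for tok in $1; do               # plain word splitting: enough for these commands
    spec=""
    case "$prev" in -p|--publish) spec=$tok ;; esac
    case "$tok" in -p=*|--publish=*) spec=${tok#*=} ;; esac
    prev=$tok
    [ -n "$spec" ] || continue
    case "$spec" in
      127.*:*:*|\[::1\]:*) ;;     # IP:HOST:CONTAINER on a loopback address
      *) echo "$spec" ;;          # HOST:CONTAINER, bare CONTAINER, or non-loopback IP
    esac
  done
)

# The two commands from this page (container name "es" filled in for the
# placeholder), then a constructed loopback-only variant for comparison.
PAGE_ES='docker run --name es -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -d docker.elastic.co/elasticsearch/elasticsearch:7.7.1'
PAGE_KIBANA='docker run --name kibana --link es:elasticsearch -p 5601:5601 -d docker.elastic.co/kibana/kibana:7.7.1'
LOCAL_ES='docker run --name es -p 127.0.0.1:9200:9200 -e "discovery.type=single-node" -d docker.elastic.co/elasticsearch/elasticsearch:7.7.1'

for cmd in "$PAGE_ES" "$PAGE_KIBANA" "$LOCAL_ES"; do
  hits=$(exposed_ports "$cmd")
  if [ -n "$hits" ]; then
    echo "network-reachable: $(echo $hits) :: $cmd"
  else
    echo "loopback only :: $cmd"
  fi
done
```

<p>Binding to 127.0.0.1 suits a single host; Filebeat instances on other servers then need a restricted route to port 9200 (firewall rule, VPN or an authenticated TLS proxy) instead of a port open to the whole network.</p>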
<h3 id="Filebeat"><a href="#Filebeat" class="headerlink" title="Filebeat"></a>Filebeat</h3><p>Because Filebeat runs on every server whose logs need to be collected, downloading the installation package is recommended: <a href="https://www.elastic.co/cn/downloads/beats/filebeat" target="_blank" rel="noopener">https://www.elastic.co/cn/downloads/beats/filebeat</a></p>
<p>Edit filebeat.yml; a simple example follows. The main settings are the log file paths, enabled, and the Elasticsearch address:<br><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">filebeat.inputs:</span></span><br><span class="line"><span class="bullet">-</span> <span class="attr">type:</span> <span class="string">log</span></span><br><span class="line">  <span class="attr">enabled:</span> <span class="literal">true</span></span><br><span class="line">  <span class="attr">paths:</span></span><br><span class="line">    <span class="bullet">-</span> <span class="string">/var/log/*.log</span></span><br><span class="line"></span><br><span class="line"><span class="attr">filebeat.config.modules:</span></span><br><span class="line">  <span class="attr">path:</span> <span class="string">$&#123;path.config&#125;/modules.d/*.yml</span></span><br><span class="line">  <span class="attr">reload.enabled:</span> <span class="literal">false</span></span><br><span class="line"></span><br><span class="line"><span class="attr">setup.template.settings:</span></span><br><span class="line">  <span class="attr">index.number_of_shards:</span> <span class="number">1</span></span><br><span class="line"></span><br><span class="line"><span class="attr">setup.kibana:</span></span><br><span class="line"></span><br><span class="line"><span class="attr">output.elasticsearch:</span></span><br><span class="line">  <span class="attr">hosts:</span> <span class="string">["localhost:9200"]</span></span><br><span class="line"></span><br><span class="line"><span class="attr">processors:</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">add_host_metadata:</span> <span class="string">~</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">add_cloud_metadata:</span> <span class="string">~</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">add_docker_metadata:</span> <span class="string">~</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">add_kubernetes_metadata:</span> <span class="string">~</span></span><br></pre></td></tr></table></figure></p>
<p>Start command:<br><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">filebeat -e -c filebeat.yml</span><br></pre></td></tr></table></figure></p>

        
        <br />
        <div id="comment-container">
        </div>
        <div id="disqus_thread"></div>

        <div id="lv-container">
        </div>

    </div>
</div>

    </div>
</div>


<footer class="footer">
    <ul class="list-inline text-center">
        
        

        

        

        
        <li>
            <a target="_blank"  href="https://github.com/geekzhi">
                            <span class="fa-stack fa-lg">
                                <i class="iconfont icon-github"></i>
                            </span>
            </a>
        </li>
        

        

    </ul>
    
    <p>
        <span id="busuanzi_container_site_pv">
            <span id="busuanzi_value_site_pv"></span>PV
        </span>
        <span id="busuanzi_container_site_uv">
            <span id="busuanzi_value_site_uv"></span>UV
        </span>
        Created By <a href="https://hexo.io/">Hexo</a>  Theme <a href="https://github.com/aircloud/hexo-theme-aircloud">AirCloud</a></p>
</footer>




</body>

<script>
    // We expose some of the variables needed by the front end
    window.hexo_search_path = "search.json"
    window.hexo_root = "/"
    window.isPost = true
</script>
<script src="https://cdn.bootcss.com/jquery/3.3.1/jquery.min.js"></script>
<script src="/js/index.js"></script>
<script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>




</html>
